'140 






HCW TO DEMOJlSTR^tTE COMSEC ^ffiAKNESSES TO NATO COUI\ITI?IES 



1. a* It is believed that f>IATO countries vrill recognize it to 

be to the benefit of all for each to improve his own national communica- 
tions security. Any action that may be taken by the UK and US must not 
appear to be an infringement of the national sovereignty of any NATO 
country or a desire to dictate to any of them. Instead of providing 
for a detailed examination of national practices, therefore, it is 
preferable to set up minimum security standards, -These should be 

\ 

promulgated by MTO for national use. Each country would be asked to 
evaluate its own practices against these standards and to assure NATO 
that that country’s security is equal to or better’ than that which these 
standards would produce, 

b. The Security and Evaluation Agency, NATO, which is in the 

would be the agent for use 3605 

program. Its action would take three forms; 

/ 

(1) Sponsorship of the |program thru Standing Group 
channels and implementation Ipf it if approved,' 

(2) Provision ojC assistance and advice, upon,' request, 

1 ' • 

' ! 

to individual countries, 

< { 

1 

(3) Evaluation of the results of the program,' 

2, Minimum standkrds c^n onijy be worked out in'^final form after 



'iderable discussion' between tbs 



Such standards 



;nust be set forth in' extreme! detail and must cover all known national 
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practices of MA.T0 countries in the whole field of communications security. 
This paper reives only a hare outline of the/’ fields that must be covered* 

If this approach is apreed upon by the UK and US, the Conference itself 
should at least produce an agreed list of /topics along these lines 
which will be the basis for later preparation of detailed specifications* 
3. In addition to physical sec\urity of cryptomaterial, adequate 
oonmunications security depends on two principles: 




b. Cryi'jtographic systems must be adequately secure and properly 



As regards the first of these, it will be necessary tp set 
standaj^ds in the following fields:./ 

a. Frequency plans : To Include minimum standards fop frequency 

allocation and frequency rotation^ idth attention paid to the inteprela- 
tioh between frequency changes apd call sign changes. 



prevent 



b. Format of cipher text: To include the steps necessary to 

pn the t^asis of sucl:\ things as length 



of I cryptoparts,, discriminants, ipdicator^. group length, etc. 

c. Message externals; fo ipclude emphasis on eliminating 
anyJ external elements that would facilitate the identification of 
traffic, e.g., stops toward attaining pniform beading procedures, etc. 

d. Communication procedixres, ; To include measures for general 
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ataiTidnrdiKatlon o.f comunication oroceduros, for attainment of call sign 
security, viith careful attention to interrelation of call signs and 
addresses. 

e. Plain language bransiitlssions: To Include steps toward 

minimiaing transid-ssions in plain te:ct and procedurally isolating such 
plain language as must be transmitted. 

5. a* The treatment of cr^Titographic security tdJLl include 
discussion of all systems and equipments .known to be in use or available 

for use by NATU .Countries other than ^ and will state 

whether or not thej^.ere acceptable j if they are acceptable minimum 
standards idll be presefej-bed for their use. All systems approved for 
NATO use iidll be incli^led in the consideration. 

b. The fields now contemplated for discussion are as follows: 

(1) Hand systems: To include unenciphered and enciphered 

codes, Slidex or other tactical codes, transpositions, strips, 
additives on plain text, etc. 

(2) Literal, or off-line macliiiies: To include all known 

Hagelin types, Enigma types, Kryha, ^c. 

(3) Teleprinter machines: To include Fish types, Olivetti, 
Hellschreiber, one-time tape systems, etc. 



(k) Key-generation and criteria therefor. 





